vagabond 0.1.0

data/lib/vagabond/cookbooks/lxc/CHANGELOG.md

@@ -0,0 +1,21 @@
+## v0.1.0
+* Abstracted out packages for cross-platform support later.
+* Added the 'containers' recipe to create containers for the members of the node['lxc']['containers'] hash
+* Add support for use of the apt::cacher-client settings if a proxy is in use.
+* chef_enabled defaults to false on lxc_containers
+* Better idempotency checks when building new containers
+* Refactoring of lxc_service
+* Container based commands run via knife::ssh providing proper logging feedback
+* New networking related attributes added to lxc_container for easy basic network setups
+
+## v0.0.3
+* Remove resource for deprecated template
+
+## v0.0.2
+* Cleanup current config and container LWRPs
+* Add new LWRPs (fstab and interface)
+* Add better configuration build to prevent false updates
+* Thanks to Sean Porter (https://github.com/portertech) for help debugging LWRP updates
+
+## v0.0.1
+* Initial release

data/lib/vagabond/cookbooks/lxc/Gemfile

@@ -0,0 +1,3 @@
+source :rubygems
+
+gem 'test-kitchen'

data/lib/vagabond/cookbooks/lxc/Gemfile.lock

@@ -0,0 +1,132 @@
+GEM
+  remote: http://rubygems.org/
+  specs:
+    archive-tar-minitar (0.5.2)
+    builder (3.1.4)
+    bunny (0.7.9)
+    chef (10.18.2)
+      bunny (>= 0.6.0, < 0.8.0)
+      erubis
+      highline (>= 1.6.9)
+      json (>= 1.4.4, <= 1.6.1)
+      mixlib-authentication (>= 1.3.0)
+      mixlib-cli (>= 1.1.0)
+      mixlib-config (>= 1.1.2)
+      mixlib-log (>= 1.3.0)
+      mixlib-shellout
+      moneta (< 0.7.0)
+      net-ssh (~> 2.2.2)
+      net-ssh-multi (~> 1.1.0)
+      ohai (>= 0.6.0)
+      rest-client (>= 1.0.4, < 1.7.0)
+      treetop (~> 1.4.9)
+      uuidtools
+      yajl-ruby (~> 1.1)
+    childprocess (0.3.8)
+      ffi (~> 1.0, >= 1.0.11)
+    coderay (1.0.9)
+    erubis (2.7.0)
+    excon (0.18.3)
+    ffi (1.4.0)
+    fog (1.9.0)
+      builder
+      excon (~> 0.14)
+      formatador (~> 0.2.0)
+      mime-types
+      multi_json (~> 1.0)
+      net-scp (~> 1.0.4)
+      net-ssh (>= 2.1.3)
+      nokogiri (~> 1.5.0)
+      ruby-hmac
+    foodcritic (1.7.0)
+      erubis
+      gherkin (~> 2.11.1)
+      gist (~> 3.1.0)
+      nokogiri (~> 1.5.4)
+      pry (~> 0.9.8.4)
+      rak (~> 1.4)
+      treetop (~> 1.4.10)
+      yajl-ruby (~> 1.1.0)
+    formatador (0.2.4)
+    gherkin (2.11.5)
+      json (>= 1.4.6)
+    gist (3.1.1)
+    hashr (0.0.22)
+    highline (1.6.15)
+    i18n (0.6.1)
+    ipaddress (0.8.0)
+    json (1.5.5)
+    librarian (0.0.26)
+      archive-tar-minitar (>= 0.5.2)
+      chef (>= 0.10)
+      highline
+      thor (~> 0.15)
+    log4r (1.1.10)
+    method_source (0.7.1)
+    mime-types (1.21)
+    mixlib-authentication (1.3.0)
+      mixlib-log
+    mixlib-cli (1.2.2)
+    mixlib-config (1.1.2)
+    mixlib-log (1.4.1)
+    mixlib-shellout (1.1.0)
+    moneta (0.6.0)
+    multi_json (1.6.1)
+    net-scp (1.0.4)
+      net-ssh (>= 1.99.1)
+    net-ssh (2.2.2)
+    net-ssh-gateway (1.1.0)
+      net-ssh (>= 1.99.1)
+    net-ssh-multi (1.1)
+      net-ssh (>= 2.1.4)
+      net-ssh-gateway (>= 0.99.0)
+    nokogiri (1.5.6)
+    ohai (6.16.0)
+      ipaddress
+      mixlib-cli
+      mixlib-config
+      mixlib-log
+      mixlib-shellout
+      systemu
+      yajl-ruby
+    polyglot (0.3.3)
+    pry (0.9.8.4)
+      coderay (~> 1.0.5)
+      method_source (~> 0.7.1)
+      slop (>= 2.4.4, < 3)
+    rak (1.4)
+    rest-client (1.6.7)
+      mime-types (>= 1.16)
+    ruby-hmac (0.4.0)
+    slop (2.4.4)
+    systemu (2.5.2)
+    test-kitchen (0.7.0)
+      fog
+      foodcritic (>= 1.4.0)
+      hashr (~> 0.0.20)
+      highline (>= 1.6.9)
+      librarian (~> 0.0.20)
+      mixlib-cli (~> 1.2.2)
+      vagrant (~> 1.0.2)
+      yajl-ruby (~> 1.1.0)
+    thor (0.17.0)
+    treetop (1.4.12)
+      polyglot
+      polyglot (>= 0.3.1)
+    uuidtools (2.1.3)
+    vagrant (1.0.6)
+      archive-tar-minitar (= 0.5.2)
+      childprocess (~> 0.3.1)
+      erubis (~> 2.7.0)
+      i18n (~> 0.6.0)
+      json (~> 1.5.1)
+      log4r (~> 1.1.9)
+      net-scp (~> 1.0.4)
+      net-ssh (~> 2.2.2)
+    yajl-ruby (1.1.0)
+
+PLATFORMS
+  ruby
+
+DEPENDENCIES
+  test-kitchen

data/lib/vagabond/cookbooks/lxc/README.md

@@ -0,0 +1,83 @@
+## LXC
+
+Manage linux containers with Chef.
+
+### Recipes
+
+#### default
+
+Installs the packages and configuration files needed for lxc on the server. If
+the node uses apt-cacher-ng as a client, the server will be reused when building
+containers.
+
+#### install_dependencies
+
+Installs the packages needed to support lxc's containers.
+
+#### containers
+
+This recipe creates all of the containers defined in the `['lxc']['containers']`
+hash. Here is an example of an `example` container:
+
+```ruby
+node['lxc']['containers']['example'] = { 
+  'template' => 'ubuntu',
+  'trim' => , false,
+  'debug' => , true 
+}
+```
+
+You may set `trim` and `debug` to `true` if you need them (default is `false`).
+
+Backing store file system and template options are not yet supported.
+
+#### knife
+
+Install and manage containers via the knife-remotelxc plugin.
+
+### Example
+
+```ruby
+include_recipe 'lxc'
+
+lxc_container 'my_container' do
+  action :create
+  validation_client 'my-validator'
+  server_uri 'https://api.opscode.com/organizations/myorg'
+  validator_pem content_from_encrypted_dbag
+  run_list ['role[base]']
+  chef_enabled true
+end
+
+lxc_container 'my_container_clone' do
+  action :clone
+  base_container 'my_container'
+  chef_enabled true
+end
+
+lxc_service 'my_container_clone' do
+  action :start
+end
+```
+
+Containers do not have to be Chef enabled but it does make them
+extremely easy to configure. If you want the Omnibus installer
+cached, you can set the attribute
+
+```ruby
+node['omnibus_updater']['cache_omnibus_installer'] = true
+```
+
+in a role or environment (default is false). The `lxc_container`
+resource also provides `initialize_commands` which an array of
+commands can be provided that will be run after the container is
+created.
+
+### Repository:
+
+* https://github.com/hw-cookbooks/lxc
+
+### Contributors
+
+* Sean Porter (https://github.com/portertech)
+* Matt Ray (https://github.com/mattray)

data/lib/vagabond/cookbooks/lxc/attributes/default.rb

@@ -0,0 +1,26 @@
+default[:lxc][:start_ipaddress] = nil
+default[:lxc][:validator_pem] = nil
+default[:lxc][:auto_start] = true
+default[:lxc][:bridge] = 'lxcbr0'
+default[:lxc][:use_bridge] = true
+default[:lxc][:addr] = '10.0.3.1'
+default[:lxc][:netmask] = '255.255.255.0'
+default[:lxc][:network] = '10.0.3.0/24'
+default[:lxc][:dhcp_range] = '10.0.3.2,10.0.3.254'
+default[:lxc][:dhcp_max] = '253'
+default[:lxc][:shutdown_timeout] = 120
+default[:lxc][:allowed_types] = %w(debian ubuntu fedora)
+default[:lxc][:container_directory] = '/var/lib/lxc'
+default[:lxc][:dnsmasq_lease_file] = '/var/lib/misc/dnsmasq.leases'
+
+default[:lxc][:knife] = {}
+default[:lxc][:knife][:static_range] = ''
+default[:lxc][:knife][:static_ips] = []
+
+default[:lxc][:user_pass][:debian] = {:username => 'root', :password => 'root'}
+default[:lxc][:user_pass][:ubuntu] = {:username => 'ubuntu', :password => 'ubuntu'}
+default[:lxc][:user_pass][:fedora] = {:username => 'root', :password => 'root'}
+
+default[:lxc][:packages] = %w(lxc)
+default[:lxc][:mirror] = 'http://archive.ubuntu.com/ubuntu'
+default[:lxc][:containers] = {}

data/lib/vagabond/cookbooks/lxc/files/default/knife_lxc

@@ -0,0 +1,228 @@
+#!/opt/chef/embedded/bin/ruby
+
+require 'json'
+require 'getoptlong'
+
+LXC_HOME = '/var/lib/lxc'
+
+opts = GetoptLong.new(
+  ['--help', '-h', GetoptLong::NO_ARGUMENT],
+  ['--version', '-v', GetoptLong::NO_ARGUMENT],
+  ['--template', '-t', GetoptLong::REQUIRED_ARGUMENT]
+)
+
+# Default
+template = 'ubuntu'
+
+opts.each do |opt, arg|
+  case opt
+  when '--help'
+    show_usage
+    exit 0
+  when '--version'
+    show_version
+    exit 0
+  when '--template'
+    template = arg
+    raise 'Unsupported template provided' unless %w(debian fedora ubuntu).include?(template)
+  end
+end
+
+def conf
+  @c ||= JSON.load(File.read('/etc/knife-lxc/config.json'))
+end
+
+def lxc_exists?(lxc_name)
+  current_names = Dir.glob(File.join(LXC_HOME, '*')).map{|c| File.basename(c)}
+  current_names.include?(lxc_name)
+end
+
+def ensure_name_availability!(name)
+  raise 'Name already in use' if lxc_exists?(name)
+end
+
+def available_ips
+  # TODO: Add range calculation
+  range = conf['address']['range']
+  if(range.to_s.empty?)
+    range = (range.split('-').first.split('.').last..range.split('-').last).map{|oct|
+      "#{range.split('-').first.split('.').slice(0,3).join('.')}.#{oct}"
+    }
+  else
+    range = []
+  end
+  (conf['addresses']['static'] + range).compact
+end
+
+def used_ips
+  Dir.glob(File.join(LXC_HOME, '*')).map{ |ctn|
+    File.readlines(File.join(ctn, 'rootfs', 'etc', 'network', 'interfaces')).detect{ |line|
+      line.include?('address')
+    }.to_s.split(' ').last.to_s.strip
+  }.reject{ |addr|
+    addr.empty?
+  }
+end
+
+def update_container_ip(name)
+  new_ip = (available_ips - used_ips).pop
+  raise 'no ips available' unless new_ip
+  update_network_interfaces(name, new_ip)
+  new_ip
+end
+
+def update_network_interfaces(name, address)
+  default_nm = '255.255.255.0'
+  (parts = address.split('.')).last.replace('1')
+  default_gw = parts.join('.')
+  File.open(File.join(LXC_HOME, name, 'rootfs', 'etc', 'network', 'interfaces'), 'w') do |file|
+    file.puts "auto lo eth0"
+    file.puts "iface lo inet loopback"
+    file.puts "iface eth0 inet static"
+    file.puts "  address #{address}"
+    file.puts "  gateway #{conf['gateway'] || default_gw}"
+    file.puts "  netmask #{conf['netmask'] || default_nm}"
+  end
+end
+
+def sudoable_ubuntu(name)
+  path = File.join(LXC_HOME, name, 'rootfs', 'etc', 'sudoers')
+  content = File.readlines(path).map do |line|
+    if(line.start_with?('%sudo'))
+      '%sudo ALL=(ALL) NOPASSWD:ALL'
+    else
+      line
+    end
+  end
+  File.open(path, 'w') do |file|
+    file.write(content.join("\n"))
+  end
+end
+
+def clone_container(name, template)
+  %x{lxc-clone -o #{template}_base -n #{name}}
+end
+
+def start_container(name)
+  %x{lxc-start -n #{name} -d}
+  %x{lxc-wait -n #{name} -s RUNNING}
+end
+
+def stop_container(name)
+  %x{lxc-shutdown -n #{name} -d}
+  %x{lxc-wait -n #{name} -s STOPPED}
+end
+
+def create_lxc(lxc_name, template)
+  ensure_name_availability!(lxc_name)
+  clone_container(lxc_name, template)
+  address = update_container_ip(lxc_name)
+  # TODO: Update debian and fedora to use sudo user and remove root login
+  if(lxc_name == 'ubuntu')
+    sudoable_ubuntu(lxc_name)
+  end
+  start_container(lxc_name)
+  puts "LXC Node #{lxc_name} available at: #{address}"
+end
+
+def lxc_address(name)
+  if(File.exists?(int = File.join(LXC_HOME, name, 'rootfs', 'etc', 'network', 'interfaces')))
+    addr = File.readlines(int).detect{|l|l.include?('address')}.to_s.split(' ').last.to_s.strip
+    addr.empty? ? 'dynamic' : addr
+  else
+    'dynamic'
+  end
+end
+
+def lxc_type(name)
+  base = File.join(LXC_HOME, name, 'rootfs', 'etc')
+  if(File.exists?(lsb = File.join(base, 'lsb-release')))
+    File.readlines(lsb).last.split('=').last.strip.gsub('"', '')
+  elsif(File.exists?(sys_rel = File.join(base, 'system-release')))
+    File.readlines(sys_rel).first.strip
+  elsif(File.exists?(deb_ver = File.join(base, 'debian_version')))
+    "Debain #{File.read(deb_ver).strip}"
+  else
+    'UNKNOWN'
+  end
+end
+
+def list_lxcs
+  info = Hash[
+    *Dir.glob(File.join(LXC_HOME, '*')).map{|dir|
+      key = File.basename(dir)
+      [key, {:address => lxc_address(key), :type => lxc_type(key)}]
+    }.sort{|a,b|
+      a.first <=> b.first
+    }.flatten
+  ]
+  info.each do |name, info|
+    puts "#{name}"
+    puts "  Type: #{info[:type]}"
+    puts "  Address: #{info[:address]}"
+  end
+end
+
+def info_lxc(lxc_name)
+  puts "#{lxc_name}"
+  puts "  Type: #{lxc_type(lxc_name)}"
+  puts "  Address: #{lxc_address(lxc_name)}"
+end
+
+def delete_lxc(lxc_name)
+  %x{lxc-stop -n #{lxc_name}}
+  %x{lxc-wait -n #{lxc_name} -s STOPPED}
+  %x{lxc-destroy -n #{lxc_name}}
+end
+
+action = ARGV.first.to_s
+
+case action
+when 'create'
+  lxc_name = ARGV[1]
+  create_lxc(lxc_name, template)
+when 'list'
+  list_lxcs
+when 'info'
+  lxc_name = ARGV[1]
+  if(lxc_exists?(lxc_name))
+    info_lxc(lxc_name)
+  else
+    $stderr.puts "Requested container does not exist: #{lxc_name}"
+    exit 2
+  end
+when 'start'
+  lxc_name = ARGV[1]
+  if(lxc_exists?(lxc_name))
+    print "Starting container #{lxc_name}... "
+    start_lxc(lxc_name)
+    puts 'started'
+  else
+    $stderr.puts "Requested container does not exist: #{lxc_name}"
+    exit 2
+  end
+when 'stop'
+  lxc_name = ARGV[1]
+  if(lxc_exists?(lxc_name))
+    print "Stopping container #{lxc_name}... "
+    stop_lxc(lxc_name)
+    puts 'stopped'
+  else
+    $stderr.puts "Requested container does not exist: #{lxc_name}"
+    exit 2
+  end
+when 'delete'
+  lxc_name = ARGV[1]
+  if(lxc_exists?(lxc_name))
+    print "Deleting LXC #{lxc_name}... "
+    destroy_lxc(lxc_name)
+    puts 'done'
+  else
+    $stderr.puts "Requested container does not exist: #{lxc_name}"
+    exit 2
+  end
+else
+  $stderr.puts "ERROR: Unknown action: #{action}"
+  exit 1
+end
+